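Техническая информация
Примечание: символы «#» в доменных именах и IP-адресе ниже — маскировка, поэтому эти строки не являются полными значениями индикаторов. Подзаголовки разделов в этой копии отсутствуют; повторяющиеся пути, вероятно, относятся к разным категориям действий.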
- %WINDIR%\ime\svclrfb.exe
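- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations2" /t "REG_MULTI_SZ" /d "\??\%WINDIR%\ime0\0\??%WINDIR%\ime\0\??\%WINDIR%\ime\scripts.ini\0\??\<SYSTEM32>\GroupPolicy\user\Scripts\scripts.ini" /f
  (значение PendingFileRenameOperations2 обрабатывается Session Manager при следующей загрузке системы как список отложенных переименований файлов; последняя пара путей, по-видимому, переносит scripts.ini из %WINDIR%\ime в каталог сценариев групповой политики <SYSTEM32>\GroupPolicy\user\Scripts. Начало строки данных, судя по всему, искажено при извлечении текста.)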
- <SYSTEM32>\rundll32.exe %WINDIR%\ime\winxp.dat,Launch
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\sso.bat" "
- <SYSTEM32>\attrib.exe <SYSTEM32>\GroupPolicy\*.* -r -s -h /s /d
- %WINDIR%\ime\winxp.dat
- %WINDIR%\ime\svclrfb.exe
- %TEMP%\1.tmp\scripts.ini
- %WINDIR%\ime\scripts.ini
- %CommonProgramFiles%\System\Ole DB\tmp333.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inf[1].js
- %WINDIR%\ime\chsime\svclrfb.ini
- %CommonProgramFiles%\System\Ole DB\msadotb.htm
- %TEMP%\1.tmp\woti.dat
- %TEMP%\1.tmp\tb.dat
- %TEMP%\1.tmp\sso.bat
- %TEMP%\1.tmp\win.bat
- %WINDIR%\Debug\tb.dat
- <SYSTEM32>\GroupPolicy\gpt.ini
- %WINDIR%\Debug\error.gg
- %WINDIR%\Debug\win.dat
- %CommonProgramFiles%\System\Ole DB\tmp333.tmp
- 'localhost':1039
- 'a.###mama.cn':80
- 'www.ba##u.com':80
- '3.##shd.cn':80
- '20#.#6.232.182':80
- a.###mama.cn/inf.js
- www.ba##u.com/sudata/sudata.dat
- DNS ASK www.BA##U.com
- DNS ASK a.###mama.cn
- DNS ASK www.microsoft.com
- DNS ASK 3.##shd.cn
- '<IP-адрес в локальной сети>':1035
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''